The US trade regulator has published guidelines: “Marketing your mobile app: Get it right from the start” They address compliance with transparency requirements when promoting mobile apps as well as privacy issues as Manana Shrimpling summarises.
Topic: Mobile marketing
Who: US Federal Trade Commission
Where: Washington, DC
When: 5 September 2012
Law as stated at: 3 October 2012
The US Federal Trade Commission (FTC) has issued a set of guidelines, "Marketing Your Mobile App: Get It Right From the Start", to help mobile application developers and advertisers comply with advertising and privacy standards.
The guidance sets out nine general issues that app developers should consider:
1. Tell the truth about what your app can do – this applies to websites, in an app store or within the app itself. Making false or misleading claims, as well as omitting certain important information can lead to a breach of legal obligations. Objective claims about the app need to be backed up with solid proof. E.g. competent and reliable scientific evidence will be needed to back up claims that an app provides benefits relating to health, safety or performance.
2. Disclose key information clearly and conspicuously – the FTC has taken action against companies that have buried important terms and conditions in long licensing agreements, dense legal terminology or vague hyperlinks.
3. Build privacy considerations in from the start – this means incorporating privacy protections into practices, limiting the information collected, securely storing information and safely disposing of information that is no longer required. Express consent from the user must be obtained for any collection or sharing of information that is not apparent.
4. Be transparent about your data protection practices – e.g. if data needs to be collected or shared for the app to operate, the information collected and how that information is used must be explained.
5. Offer choices that are easy to find and easy to use – e.g. privacy settings, opt-outs or other choices in relation to how to use the app.
6. Honour your privacy promises – and disclose the extent to which information is collected or shared with other parties such as advertisers or other app developers. Users' consent for material changes in policy must be obtained.
7. Protect kids' privacy – any operator whose app is directed at children under the age of 13, or who has actual knowledge that a user is under 13, must clearly explain its information practices and obtain parental consent before collecting personal information from children under the Children's Online Privacy Protection Act.
8. Collect sensitive information only with consent – e.g. medical or financial data, or precise geo-location information.
9. Keep user data secure – the FTC suggests that the best way to do this is to:
• collect only the information required
• secure data by taking reasonable precautions against well-known security risks
• limit access to a need-to-know basis
• safely dispose of data when it is no longer required
Why this matters:
With the analyst firm Gartner predicting that app development projects for mobile devices will outnumber traditional app projects by a 4-to-1 ratio in three years, this guidance provides helpful tips to European app developers and advertisers on US law and FTC enforcement.
However, it also has wider application as similar considerations apply under European laws in relation to the need to make truthful statements, disclose key information, and ensure that the operation of the app and the relevant terms and conditions comply with data protection and privacy laws.
The importance of complying with such laws is demonstrated by the potential fines in this area. The UK Information Commissioner has powers to issue fines of up to £500,000 for breach of data protection laws and earlier this summer, the FTC imposed a $22.5m fine on Google (the largest single fine of its kind) over charges that it misled users about the way its privacy settings were applied on the Safari web browser.